
Firewall Settings

Introduction

The edge gateway needs to integrate into your company's network so that it can communicate with the configuration server and the data ingest server.

Firewall rules

If your firewall and/or proxy server blocks outgoing connections, you need to add exceptions for the following endpoints:

  • URL: edge-api.vergelink.io, Port: 443 (TCP/HTTPS) - The vergelink.io configuration UI.
  • URL: hosted.mender.io, Port: 443 (TCP/HTTPS) - For secure OTA Updates
  • URL: s3.amazonaws.com, Port: 443 (TCP/HTTPS) - For the OTA update artifacts

You will also need to allow access to the target MQTT or MindSphere endpoint you want to send data to. For example:

  • URL: southgate.eu1.mindsphere.io, Port: 443 (TCP/HTTPS) - for MindSphere
  • URL: mqtt.cumulocity.com, Port: 8883 (TLS/MQTT) - for Cumulocity
  • URL: mqtt-broker.yourcompany.com, Port: 8883 (TLS/MQTT) - if you want to send data to your (external/cloud) MQTT broker

Caution

You cannot resolve the URLs to IP addresses and allow connections by IP address instead. All services are hosted redundantly behind load balancers to guarantee high availability, so the IP addresses behind the URLs can change and the client on the edge gateway cannot rely on a single IP address.

The client re-resolves DNS frequently so that it picks up new load-balancing resources added to the DNS. This prevents clients from overwhelming a small portion of the allocated load-balancing resources while the load balancers as a whole are not heavily utilized.
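
To verify the exceptions from a host in the same network segment as the edge gateway, the following added example (not vergelink tooling; the function names `check_endpoint` and `report` are assumptions made here) checks each endpoint by hostname in three stages: DNS, outbound TCP, and a certificate-verified TLS handshake. It reports the first stage that fails.

```python
import socket
import ssl

# Hostnames and ports from the lists above; append your own MQTT/MindSphere target.
ENDPOINTS = [
    ("edge-api.vergelink.io", 443),
    ("hosted.mender.io", 443),
    ("s3.amazonaws.com", 443),
]


def check_endpoint(host, port, timeout=5.0,
                   resolve=socket.getaddrinfo,
                   connect=socket.create_connection):
    """Return (stage, detail); stage is 'ok' or the first step that failed."""
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", f"cannot resolve {host}: {exc}"
    # Informational only: these addresses rotate, so never allow-list them.
    addrs = sorted({info[4][0] for info in infos})
    try:
        # Connect by hostname, as the gateway client does, not by a pinned IP.
        sock = connect((host, port), timeout=timeout)
    except OSError as exc:
        return "tcp", f"{host}:{port} not reachable ({exc}); resolved {addrs}"
    try:
        # The default context verifies chain and hostname, so a proxy that
        # re-signs TLS traffic surfaces here as a verification failure.
        ctx = ssl.create_default_context()
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "ok", f"{tls.version()} via {addrs}"
    except (ssl.SSLError, OSError) as exc:
        return "tls", f"handshake with {host} failed: {exc}"
    finally:
        sock.close()


def report(endpoints=ENDPOINTS, **kwargs):
    """Check every endpoint and return {"host:port": (stage, detail)}."""
    return {f"{h}:{p}": check_endpoint(h, p, **kwargs) for h, p in endpoints}


if __name__ == "__main__":
    for name, (stage, detail) in report().items():
        label = "PASS" if stage == "ok" else "FAIL@" + stage
        print(f"{label:9} {name}  {detail}")
```

A `tls` failure on a port that passes the `tcp` stage usually points to a TLS-inspecting proxy or a firewall that permits the port but resets the session.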